[pull] latest from npm:latest #11
Open
+252,076
−183,751
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
fritzy
force-pushed
the
latest
branch
3 times, most recently
from
3037d35 to
f3b0c43
Compare
lukekarrys
force-pushed
the
latest
branch
2 times, most recently
from
591d1d1 to
9e74d3e
Compare
Invalid scripts warnings are gone that should not be there
When searching for multiple terms in npm, the highlighting code has a bug where it duplicates the output any time there are matching terms. This fixes the highlighting code. Before:  After: 
Certain project dependency trees may result in an SBOM with duplicate entries. This fix ensures that each unique dependency (identified by the combination of package name and version) only appears in the SBOM once. Applies to both SPDX and CycloneDX SBOM formats. Specific to the CycloneDX format, this change also removes the `cdx:npm:package:path` property from the `component` entries in the generated SBOM. Since the same package may be present at multiple paths within the project and we're now de-duplicating those packages, it no longer makes sense to include this in the SBOM. This does not impact the SPDX format as there is no equivalent property. Fixes: #6967 Signed-off-by: Brian DeHamer <[email protected]>
Noticed some of the resources pointed to external sites not controlled by npm or github and wanted to clean them up so they can't be squatted on.
Setting `tag` in `publishConfig` constitutes a "non default" scenario.
documentation of `ls` command specifies that `depth` flag if not set defaults to `1` but as per code it uses 0 as default value. https://github.com/npm/cli/blob/dc31c1bdc6658ab69554adcf2988ee99a615c409/lib/commands/ls.js#L113-L116 fixes: #7979
This PR fixes small typos in the documentation for "configuring npm/package-json"
Update the copy for "requirements" to specify that it is the Node.js support lifecycle that is key, not a specific version. Also removed the badges from the readme. Most of that info is already on the page as parsed by GitHub.
#8054 broke the smoke test because were publishing the current version in a test
Im a big proponent of scripts working the same way in ci as they would locally. and that we should be able to run anything the ci does locally. The publish script is used to publish npm and ws packages, but also within a series of smoke tests. Making the flags clear it's either one of the two paths was my goal.
This removes the `publish.sh --smoke-publish` like from the current
`smoke-publish-test.sh` (renaming it to `smoke-test.sh`) and runs both
operations as seperete jobs within the `ci.yml` (on pr) and
`ci-release.yml` (on merge) workflow.
Why? To avoid changed files / git dirty issues from one operation to the
next.
With this PR we should have the same checks that merge has, on pr as
well, preventing scenarios where a PR breaks a `smoke test` or `publish
--smoke-publish` test. The only difference between merge / pr is that
merge has more tested node versions, if PRs start to pass but fail in
these version lets add the full matrix.
```sh
npm i npm@latest -g && node scripts/git-dirty.js && node scripts/resetdeps.js && ./scripts/smoke-tests.sh
```
```sh
npm i npm@latest -g && node scripts/git-dirty.js && node scripts/resetdeps.js && node ./scripts/publish.js --pack-destination=${pwd} --smoke-publish=true
```
It is not a valid cli flag, single-hyphen flags should all be single-character. Eventually `-ws` will need to go away so will at least stop suggesting it now.
Single hyphen cli flags traditionally are single-character only, so they can be combined. npm already supports combining single-hyphen flags together, so it eventually needs stop supporting multi-character ones. Also re-added -ws to undocumented shorthands, it was accidentally removed from the main config and not re-added to the internal one. Finally, warnings on a few env configs that npm tosses around were suppressed for now.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )